Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
{ "nvd_published_at": "2020-06-26T21:15:00Z", "cwe_ids": [ "CWE-78" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-01-11T15:51:06Z" }